The disclosed embodiments are directed toward the field of computer security and, specifically, to devices, methods, and computer-readable media for detecting phishing attempts executing or executed on server applications.
Due to the anonymous (or pseudo-anonymous) nature of the Internet and the World Wide Web, it is incumbent on users (and on the tools users rely on) to verify the identity of the entities with which they interact over anonymous networks. Malicious attackers frequently exploit both the anonymous nature of network transport protocols and users' inexperience to create clones of websites. For example, an attacker may copy the website of “www.retailer.com” and host their own, controlled copy at “www.retailer.com,” purporting to be owned by “www.retailer.com” and aiming to obtain personal or financial information from users.
Currently, public-key cryptography is used to verify the identity of websites. When a user visits a website, a browser displays an icon or other indicia indicating that the website is operated by a trusted entity. However, this approach requires that users understand the purpose of public-key cryptography and what a certificate represents. Additionally, users must educate themselves to recognize verified certificates. Further, while the situation is improving, public-key certificates can be cumbersome for website operators to obtain and manage, so many sites eschew relying on such certificates.
As a result, there exists a need for techniques for verifying the authenticity of a website that are both difficult for attackers to detect and globally accessible to all websites.